Dynamic rule sets for generated logs

ABSTRACT

A network administration system for automatically activating and deactivating dynamic rule sets in response to receipt of error logs from network devices and applications, comprising a user interface for manually activating and deactivating rule sets having defined rule set criteria and for associating rule set activation keys with the rule sets, wherein said activation keys associate changes in status of the dynamic rule sets, and a program for receiving the error logs and for each of the rule sets in connection with which activation keys have been associated and whose criteria have been satisfied by the error logs, reading the activation keys and one of either activating or deactivating the dynamic rule sets in accordance with the associated changes in status.

FIELD OF THE INVENTION

[0001] This invention relates in general to network diagnostics, andmore particularly to a network administration system for automaticallyactivating dynamic rule sets in response to satisfying the criteria ofexisting static rule sets of error logs in a network.

BACKGROUND OF THE INVENTION

[0002] It is well known in traditional computer and digitalcommunication networks for technicians to respond to the generation oferror logs by notifying affected users of system problems, analyzing andthen fixing the problems using an assortment of software commands and/ortools. The use of such software commands is often repetitive andrequires the technician to manually enter the commands upon eachobservation of a specific log. Thousands of logs can be generated by asingle problem. For example, if a T1 line goes down, error logs could begenerated by thousands of phones that cannot find a dial tone.

[0003] Therefore, according to the prior art, automatic filtering oferror logs has been effected through the use of “rule sets” to determineif a combination of logs satisfies a given criteria. One example of suchan automated process is a product from Plexis(http://www.triadhc.com/edi.shtml) called Plexis EDI Toolkit. If thecriteria is satisfied, it is known in the art either to generate afurther log or to provide an overall summary for describing the problemto the technician. Thus, it is known to generate Higher Level Logs (HLL)from Lower Level Logs (LLL) in response to predetermined rule sets beingsatisfied. The Lower Level Logs (LLL) are generated by networkapplications or devices. Such systems are valuable because the HLLs helpto explain to the system administrator/designer what is really going onin the system.

[0004] There are instances where HLL's generate more HLL logs, orcombinations of LLL's and HLL's generate new HLL's. According to theprior art, these rule sets are either manually applied by the technicianas required, which can be a time consuming and complicated task wheremany logs have been generated, or the rule sets remain activated at alltimes, in which case analysis of the logs becomes time consuming sincemany rule sets need to be examined.

SUMMARY OF THE INVENTION

[0005] According to the present invention, a network administrationsystem is provided for automatically activating and deactivating dynamicrule sets when specified static rule sets have been satisfied. Thestatic rule sets whose criteria have been satisfied by the generation ofpredetermined error logs trigger activation or deactivation of thedynamic rule sets. The automatic activation and deactivation of dynamicrule sets alleviates time consuming manual application of rule sets. Thecausal activation and deactivation of the dynamic rule sets only whenother rule set criteria have been satisfied reduces the number of rulesets when compared to the prior art approach of activating all rule setsat all times.

[0006] The system of the present invention may advantageously be appliedto any application that generates logs and is monitored by rule sets, toallow dynamic variations in monitoring when different problems arise,and to set explicit instructions for specific circumstances of logs.

BRIEF DESCRIPTION OF THE DRAWINGS

[0007] A detailed description of the preferred embodiment is set forthherein below with reference to the following drawings, in which:

[0008]FIG. 1 is a block diagram of an exemplary network incorporatingthe system of the present invention;

[0009]FIG. 2 is a table of a set of rules that have been defined for usein the network of FIG. 1;

[0010]FIG. 3 is a table showing an exemplary list of logs generated bythe network of FIG. 1;

[0011]FIG. 4 shows a graphical user interface for entering dynamic rulesets; and

[0012]FIG. 5 is a flowchart showing activation and deactivation ofdynamic rule sets.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

[0013]FIG. 1 shows a typical network comprising a plurality of phones(P1 to P3) connected to a server implemented PBX (PBX1), a further phoneP1 connected to a client server C1, both the client C1 and PBX1 beingconnected to a PBX2. The PBX 2 is connected to a T1 trunk in a wellknown manner. Each of the devices shown in FIG. 1, with the exception ofthe trunk, has the capability of generating logs to inform a technicianof the device status. The network configuration is for illustrationpurposes only, and may incorporate a host of other devices and networks.

[0014] As indicated above, FIG. 2 demonstrates a set of rule sets thatare defined for use in the network in FIG. 1, and FIG. 3 shows a typicallist of logs (HLL's and LLL's) that are generated from the network inFIG. 1 as well as associated explanations of how dynamic rule sets arecreated. The explanation does not form part of the error log, which isrestricted to the Log ID, Time Generated and Brief Description. Thesystem parses the Brief Description in order to identify the source of aparticular error log.

[0015] According to the invention, a network administration system isprovided for programming the activation and deactivation of dynamic rulesets in response to network conditions. Thus, with reference to FIG. 4,a user interface is provided for activating and deactivating certainrule sets (identified by rule set Ids, such as RSID001, RSID02, etc),and associating rule set activation and deactivation keys. Thus, therule set identified by RSID001 has been activated by the user andprogrammed to activate rules sets RSID004 and RS005 when its rule setcriteria have been satisfied (i.e. LogP6000 or LogP6001 or LogP6002)have been received from two or more phones). When the criteria for ruleset RSID001 have been satisfied, HLL001 will be generated and the RuleSet Status for RSID004 and RSID005 will change in FIG. 2 from OFF to ON.Likewise, when the rule set criteria for RSID004 has been satisfied(i.e. more than one hundred system error logs have been counted), HL004is generated. The activated rule sets remain active until reset by theuser, by another rule set, or by timing out. According to the scenarioof FIGS. 2-4, RSID006 has been deactivated by the user. However, ifactivated by the user this rule set monitors the faulty T1 trunk foractivity (i.e. the rule set is Search for >2 ping T1 logs). The logdetails of FIG. 3 shown LOGT001 being generated three times insuccession, thereby satisfying the RSID006 rule set which, according tothe user configuration of FIGS. 2 and 4, results in self-deactivation ofthe rule set (as well as deactivation of rule set RSID007).

[0016] The activation and deactivation of rule sets is triggered byusing software tools (e.g. Visual Basic, C++) to read and compare thelogs to active rule sets, as shown in FIG. 5. If a rule set is fullysatisfied, its rule set ID is compared with the rule set Ids of anyassociated activation keys (as programmed by the user). If the rule sethas activation keys programmed, the first such activation key is read,the status of the specified rule set is changed, and remainingactivation keys are read and changed in the same manner until noactivation keys remain for the rule set.

[0017] Exemplary pseudo-code of the process for implementing the networkadministration system of the present invention is as follows: Dynamicrule sets function prog Retrieve log Compare logs with rule sets If ruleset fully satisfied If rule set has activation keys Go to firstactivation key While activation keys exist Set status of specified ruleset id Go to next activation key endwhile endif endif End dynamic rulesets function prog

[0018] Alternatives and modifications of the invention are possiblewithin the sphere and scope as set forth in the claims appended hereto.

What is claimed is:
 1. A network administration system for automaticallyactivating and deactivating dynamic rule sets in response to receipt oferror logs from network devices and applications, comprising: a userinterface for manually activating and deactivating rule sets havingdefined rule set criteria and for associating rule set activation keyswith said rule sets, wherein said activation keys associate changes instatus of said dynamic rule sets; and program means for receiving saiderror logs and for each of said rule sets in connection with whichactivation keys have been associated and whose criteria have beensatisfied by said error logs, reading said activation keys and one ofeither activating or deactivating said dynamic rule sets in accordancewith said associated changes in status.
 2. The network administrationsystem of claim 1, wherein said program means is implemented viapseudo-code comprising: Dynamic rule sets function prog Retrieve logCompare logs with rule sets If rule set fully satisfied If rule set hasactivation keys Go to first activation key While activation keys existSet status of specified rule set id Go to next activation key endwhileendif endif End dynamic rule sets function prog


3. A method of activating and deactivating dynamic rule sets in responseto receipt of error logs from network devices and applications,comprising the steps of: activating predetermined rule sets havingdefined rule set criteria; associating rule set activation keys withsaid predetermined rule sets, wherein said activation keys associatechanges in status of said dynamic rule sets; receiving said error logs;and comparing said error logs with said predetermined rule sets and foreach of said rule sets in connection with which activation keys havebeen associated and whose criteria have been satisfied by said errorlogs, reading said activation keys and one of either activating ordeactivating said dynamic rule sets in accordance with said associatedchanges in status.
 4. A software product for automatically activatingand deactivating dynamic rule sets in response to receipt of error logsfrom network devices and applications, comprising: a user interface formanually activating and deactivating rule sets having defined rule setcriteria and for associating rule set activation keys with said rulesets, wherein said activation keys associate changes in status of saiddynamic rule sets; and program means for receiving said error logs andfor each of said rule sets in connection with which activation keys havebeen associated and whose criteria have been satisfied by said errorlogs, reading said activation keys and one of either activating ordeactivating said dynamic rule sets in accordance with said associatedchanges in status.
 5. The software product of claim 4, wherein saidprogram means is implemented via pseudo-code comprising: Dynamic rulesets function prog Retrieve log Compare logs with rule sets If rule setfully satisfied If rule set has activation keys Go to first activationkey While activation keys exist Set status of specified rule set id Goto next activation key endwhile endif endif End dynamic rule setsfunction prog